Introduction:


The project is a proxy server that intercepts all the traffic passing through it and analyzes its IP address. If the address matches the known VPS/N provider IPs, then it will block the request and display the message: ‘Please turn off VPN service to browse or send files.’ The firewall will be able to do this by matching the source IPs and packet headers against those of known VPN IPs.


pfSense and the Squid proxy server were used to deploy a proxy between the local client and the internet gateway router, thus logging and filtering all the data packets according to its configuration.


Aims & Objectives: 


A pfSense proxy server was deployed between the LAN clients and the internet gateway. The proxy had to be in the subnet of the router IP to which the client connects, or else it would not be accessible (either the internet or the proxy server would be accessible, depending on whether the client’s IP was in the subnet of the router or of the proxy server).


The proxy firewall rules were set so that it blocks traffic by IP, depending upon choice. DNS names were still not blocked, as they are first resolved into IPs at the DNS server, and the DNS server then redirects the client to the requested website.


[Screenshots: nslookup sessions in CMD.exe. Queries such as pearl-intl.com are answered through dns.google (8.8.8.8) with a non-authoritative answer (pearl-intl.com: 68.65.122.97); further lookups are made against IP addresses.]


The DNS request and its processing are displayed using ‘nslookup’ in CMD.exe.


Using the tool ‘pfBlockerNG’, the domains were blocked by putting them in a list in the tool’s ‘DNSBL’ functionality, under ‘DNSBL Groups’. Once this was done, the config was reloaded and updated, and the firewall then did as it said. I configured a list of gambling and dating sites by calling a link that had all of them stored in it. The tool downloaded all the .txt data when updated and reloaded the config to block the updated links based on domain names.


Next was to understand the way a VPN works. A private IP requests the network router to connect/send data to the public VPN server IP. The request is carried out by the router through its own public IP, and the connection is established through the router IP. The proxy therefore either has to sit between the router and the VPN server IP to block the connection between them, or the router must be configured not to talk to the VPN servers’ IPs. As the proxy is between the router and the client, I must find a method to make the proxy recognize that the client’s request and response are to and from the VPN’s IP, and block it at the proxy even if the encrypted data has arrived through the router. The best option is to block it when the client (private IP) initially requests the connection to the VPN’s IP, so that the request never reaches the router and the router never fetches data from the VPN servers.


I identified the Proton VPN Japan IPs that it was assigning to me upon multiple connection establishments. Rather than identifying me as a client who is establishing a connection and breaking it again and again, it kept on servicing me and assigning its IPs to me (a flaw). Hence, when I had identified the majority of the IPs, I kept them in a static list, put them in the DNSBL functionality of ‘pfBlockerNG’, and blocked it, but I haven’t yet tested whether it works, as there must be some tunneling and stuff that I’m missing at this point.


In the Squid proxy server, the IPs that were to be blocked from being reached were listed in the configuration. It worked for blocking website access, though it failed to stop VPN connection and data exchange due to tunnelling and stuff.


The UFW firewall had also failed to do so (block VPN connection establishment) in a traditional manner.


Learning Outcomes: 


IPs divided into subnets can be accessed via subnet ranging. An IP/32 subnet is 2^0, an IP/24 subnet is 2^8 (256 addresses), etc. The subnets provide a range of IPs.


By default, the Squid proxy server was running on localhost '127.0.0.1', which was fine for the client on which the proxy itself was running, but not for the LAN subnets that are required to go through the proxy. Hence, through ‘http_access 192.168.*.*:3128', a private IP was assigned to the proxy.


The Squid proxy server configuration ‘/etc/squid/squid.conf’ is executed sequentially, i.e., it is interpreted like bash in a terminal and not compiled. The line at the bottom is executed later; hence what it says, even if it negates the lines above, is given priority and followed. It thus rewrites.


I noticed that when I do ‘http_access deny all’, it executes correctly and Firefox fails to fetch any results when browsing. Hence there isn’t an issue with the requests not passing through the proxy server. But when the VPN IPs are blocked, they don't comply as demanded in the .conf file. I presume that websites will be blocked (without DNS, by IPs only), though I still have to test it.
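Worth checking when a deny line for an IP list appears to be ignored: Squid treats the http_access lines as an ordered list and the first line whose ACLs all match decides the request, so a deny placed below a matching allow is never consulted. The following is an added example, not the report's configuration or Squid's own code: a small Python model of that evaluation for src/dst ACLs with CIDR ranges, where the ACL names and the RFC 5737 documentation addresses standing in for VPN server IPs are constructed.

```python
import ipaddress

# Constructed squid.conf fragment; 203.0.113.0/24 and 198.51.100.7 are
# documentation addresses used as placeholders for observed VPN server IPs.
CONF_ALLOW_FIRST = """
acl localnet src 192.168.0.0/16
acl vpn_servers dst 203.0.113.0/24
acl vpn_servers dst 198.51.100.7/32
http_access allow localnet
http_access deny vpn_servers
http_access deny all
"""
# Same ACLs, with the deny moved above the allow.
CONF_DENY_FIRST = CONF_ALLOW_FIRST.replace(
    "http_access allow localnet\nhttp_access deny vpn_servers",
    "http_access deny vpn_servers\nhttp_access allow localnet")

def parse(conf):
    """Return (acls, rules) for the subset modelled here: src/dst ACLs, http_access."""
    acls = {"all": [("src", ipaddress.ip_network("0.0.0.0/0"))]}  # built-in ACL
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and tok[2] in ("src", "dst"):
            # Repeated ACL names accumulate; the values of one ACL are OR-ed.
            acls.setdefault(tok[1], []).extend(
                (tok[2], ipaddress.ip_network(v, strict=False)) for v in tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(entries, src, dst):
    return any((src if kind == "src" else dst) in net for kind, net in entries)

def decide(conf, src, dst):
    """Return 'allow' or 'deny' for one request from src to dst."""
    acls, rules = parse(conf)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, names in rules:
        # All ACLs named on one line must match (AND); first matching line wins.
        if all(acl_matches(acls[n], src, dst) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"
```

The model only covers requests that Squid actually receives as proxy requests; traffic that bypasses the proxy is outside what http_access can decide.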


There are a lot of insights to be had while checking, configuring and understanding the configuration of pfSense. I’ll continue to use more of the features it provides. It really is a software glory.


[Screenshot: Dashboard, Hosts: Top Hosts (Send+Receive). Caption: Hosts packets receive]

[Screenshot: Firewall / Rules / LAN, listing the Anti-Lockout Rule, the "Block bogon networks" rule, and pfBlockerNG auto rules. Caption: Firewall rules defining]
[Screenshot: Traffic Graph for LAN (in/out) with columns Host IP, Bandwidth In, Bandwidth Out]

[Figure: LAN nodes. Caption: Mechanism of proxy server deployment]


[Screenshot: ipconfig output in CMD.exe. The two "Local Area Connection" wireless adapters show "Media disconnected"; the Wi-Fi adapter shows DNS suffix home.arpa and default gateway 192.168.100.206.]


[Screenshots: two "Internet Protocol Version 4 (TCP/IPv4) Properties" dialogs with "Use the following IP address" selected: IP address 192.168.195.80 with subnet mask 255.255.255.0, and IP address 10.1.31.68 with subnet mask 255.255.0.0; DNS servers 8.8.8.8 and 8.8.4.4. Caption: IPv4 inputting and manual defining in ’ncpa.cpl’]



(The pfSense configuration file is uploaded with this report.)


